Use src/dst ports as configured in ike_cfg

src/charon/sa/ike_sa.c

@@ -1117,7 +1117,7 @@ static void resolve_hosts(private_ike_sa_t *this)
 	else
 	{
 		host = host_create_from_dns(this->ike_cfg->get_other_addr(this->ike_cfg),
-									0, IKEV2_UDP_PORT);
+								0, this->ike_cfg->get_other_port(this->ike_cfg));
 	}
 	if (host)
 	{
@@ -1139,7 +1139,7 @@ static void resolve_hosts(private_ike_sa_t *this)
 			family = this->other_host->get_family(this->other_host);
 		}
 		host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg),
-									family, IKEV2_UDP_PORT);
+							family, this->ike_cfg->get_my_port(this->ike_cfg));
 
 		if (host && host->is_anyaddr(host) &&
 			!this->other_host->is_anyaddr(this->other_host))
@@ -1149,13 +1149,13 @@ static void resolve_hosts(private_ike_sa_t *this)
 							charon->kernel_interface, this->other_host, NULL);
 			if (host)
 			{
-				host->set_port(host, IKEV2_UDP_PORT);
+				host->set_port(host, this->ike_cfg->get_my_port(this->ike_cfg));
 			}
 			else
 			{	/* fallback to address family specific %any(6), if configured */
 				host = host_create_from_dns(
-									this->ike_cfg->get_my_addr(this->ike_cfg),
-									0, IKEV2_UDP_PORT);
+								this->ike_cfg->get_my_addr(this->ike_cfg),
+								0, this->ike_cfg->get_my_port(this->ike_cfg));
 			}
 		}
 	}

src/charon/sa/tasks/ike_mobike.c

@@ -268,6 +268,29 @@ static void update_children(private_ike_mobike_t *this)
 	iterator->destroy(iterator);
 }
 
+/**
+ * Apply port of old address if it equals new, port otherwise
+ */
+static void apply_port(private_ike_mobike_t *this, host_t *host, host_t *old,
+					   u_int16_t port)
+{
+	if (host->ip_equals(host, old))
+	{
+		host->set_port(host, old->get_port(old));
+	}
+	else
+	{
+		if (port == IKEV2_UDP_PORT)
+		{
+			host->set_port(host, IKEV2_NATT_PORT);
+		}
+		else
+		{
+			host->set_port(host, port);
+		}
+	}
+}
+
 /**
  * Implementation of ike_mobike_t.transmit
  */
@@ -275,6 +298,7 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
 {
 	host_t *me, *other, *me_old, *other_old;
 	iterator_t *iterator;
+	ike_cfg_t *ike_cfg;
 	packet_t *copy;
 
 	if (!this->check)
@@ -284,13 +308,13 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
 
 	me_old = this->ike_sa->get_my_host(this->ike_sa);
 	other_old = this->ike_sa->get_other_host(this->ike_sa);
+	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
 
 	me = charon->kernel_interface->get_source_addr(
 									charon->kernel_interface, other_old, NULL);
 	if (me)
 	{
-		me->set_port(me, me->ip_equals(me, me_old) ?
-					 me_old->get_port(me_old) : IKEV2_NATT_PORT);
+		apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
 		DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old);
 		copy = packet->clone(packet);
 		copy->set_source(copy, me);
@@ -310,11 +334,9 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
 				continue;
 			}
 			/* reuse port for an active address, 4500 otherwise */
-			me->set_port(me, me->ip_equals(me, me_old) ?
-						 me_old->get_port(me_old) : IKEV2_NATT_PORT);
+			apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
 			other = other->clone(other);
-			other->set_port(other, other->ip_equals(other, other_old) ?
-							other_old->get_port(other_old) : IKEV2_NATT_PORT);
+			apply_port(this, other, other_old, ike_cfg->get_other_port(ike_cfg));
 			DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
 			copy = packet->clone(packet);
 			copy->set_source(copy, me);

src/charon/sa/tasks/ike_natd.c

@@ -313,6 +313,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 {
 	notify_payload_t *notify;
 	enumerator_t *enumerator;
+	ike_cfg_t *ike_cfg;
 	host_t *host;
 
 	if (this->hasher == NULL)
@@ -321,6 +322,8 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 		return NEED_MORE;
 	}
 
+	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
 	/* destination is always set */
 	host = message->get_destination(message);
 	notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host);
@@ -343,7 +346,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 							this->ike_sa->get_other_host(this->ike_sa), NULL);
 		if (host)
 		{	/* 2. */
-			host->set_port(host, IKEV2_UDP_PORT);
+			host->set_port(host, ike_cfg->get_my_port(ike_cfg));
 			notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
 			message->add_payload(message, (payload_t*)notify);
 			host->destroy(host);
@@ -356,7 +359,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 			{
 				/* apply port 500 to host, but work on a copy */
 				host = host->clone(host);
-				host->set_port(host, IKEV2_UDP_PORT);
+				host->set_port(host, ike_cfg->get_my_port(ike_cfg));
 				notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
 				host->destroy(host);
 				message->add_payload(message, (payload_t*)notify);

src/charon/sa/trap_manager.c

@@ -127,14 +127,14 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer,
 	/* try to resolve addresses */
 	ike_cfg = peer->get_ike_cfg(peer);
 	other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg),
-								 0, IKEV2_UDP_PORT);
+								 0, ike_cfg->get_other_port(ike_cfg));
 	if (!other)
 	{
 		DBG1(DBG_CFG, "installing trap failed, remote address unknown");
 		return 0;
 	}
 	me = host_create_from_dns(ike_cfg->get_my_addr(ike_cfg),
-							  other->get_family(other), IKEV2_UDP_PORT);
+					other->get_family(other), ike_cfg->get_my_port(ike_cfg));
 	if (!me || me->is_anyaddr(me))
 	{
 		DESTROY_IF(me);
@@ -146,7 +146,7 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer,
 			other->destroy(other);
 			return 0;
 		}
-		me->set_port(me, IKEV2_UDP_PORT);
+		me->set_port(me, ike_cfg->get_my_port(ike_cfg));
 	}
 
 	/* create and route CHILD_SA */